Linux Kernel Site Compromised

This site may earn affiliate commissions from the links on this page. Terms of use.

Some time in August kernel.org, the repository for the Linux kernel, got hacked. The breach was discovered on August 28. Based on what we know now, it appears unlikely that any of the source code was changed, but the admins are doing a thorough review in order to confirm this and to strengthen security.

The attacker appears to have gained access to a standard user account and somehow elevated credentials to root access. How he did this we don't know yet.

He made several other changes, including modifying some SSH-related files, logging user interactions and adding a trojan to the startup scripts.

As horrible and embarrassing as this sounds, it is highly unlikely that the actual kernel source was changed. The source code is managed by git, a distributed revision control system designed by Linus Torvalds. Git maintains SHA-1 hashes of each of the 40,000 files in the project and names the files based on the complete development history. The hashes are stored in multiple servers. It's impossible to make changes without being noticed.